IT Priorities 2020: Compliance and risk are top security concerns

When it comes to security, buyers are prioritising solutions and services that address compliance issues, risk management and data protection, according to the Computer Weekly/TechTarget IT Priorities 2020 study

Cyber security and risk management was found to be the number one area for spending this year, and the number one area where users saw growth, the Computer Weekly/TechTarget data revealed. More than half (53%) of respondents said they saw budgets increasing in this area, tailed by cloud services.

Although the Covid-19 coronavirus pandemic has radically changed the face of global business since the Computer Weekly/TechTarget study was conducted, the need to keep on top of compliance and risk management remains. Indeed, in view of the sudden transition to remote working occasioned by various national social distancing and lockdown measures, they have become even more of a headache.

Writing in Computer Weekly in April 2020, Sabba Mirza and Michael Brown, senior associates at law firm Fieldfisher, said: “Remote working is not an excuse to implement less stringent security measures than you would have otherwise had in place. The standard remains that organisations must ensure that an appropriate level of security is applied to the personal data that they process.”

The UK Information Commissioner’s Office (ICO) has also taken a revised approach to compliance during the pandemic, signalling that it may take a more lenient approach to such matters on an ad-hoc basis, although it stressed it would not shy away from protecting UK citizens’ information rights.

The headline Computer Weekly/TechTarget data on compliance was backed up by researchers working on behalf of IT management software supplier SolarWinds, which has just released its own data on buying priorities in a study entitled IT trends report 2020: the universal language of IT.

The SolarWinds report, which can be downloaded here, said IT professionals are increasingly prioritising areas such as hybrid infrastructure management, application performance management (APM) and security management to optimise delivery for their cloud-first organisations.

“We see the effects of hybrid IT in breaking down traditional silos and bringing core competencies across on-premise and cloud environments together,” said Joe Kim, executive vice-president and global chief technology officer at SolarWinds.

“Especially now, when organisations worldwide are facing new challenges and uncertainty, we must take this reality seriously, focusing on skills development and readiness in key areas like security, cloud infrastructure and application monitoring. While IT continues to be a main driver of business importance, tech pros have an opportunity to help reassure the business and focus on effectively communicating performance now and into the future.”

The SolarWinds study – which was based on a survey fielded in December 2019 – reported that 57% of respondents expected to prioritise security and compliance, ahead of cloud (48%) and hybrid IT (39%), and only 16% cited emerging technologies. Given that the pandemic will inevitably force IT budgets to be re-evaluated, these trends would probably be more pronounced if the survey was repeated today.

The compliance policies with the greatest effect on IT departments were GDPR (92%), PCI DSS (32%) and SOX (14%). In terms of technology to support compliance goals, SolarWinds reported that buyers were tending to prioritise network security management (43%), security information and event management (SIEM) (30%), and backup and recovery (28%).

The Computer Weekly/TechTarget data revealed that in terms of compliance and risk-based security: 69% planned to implement end-user training; 63% governance, risk and compliance software and tools; 42% fraud detection systems and tools, which includes identity and access management as well as risk assessment; 28% zero-trust; and 15% digital forensics for incident response and mitigation.

In terms of cloud, network and application security initiatives, the most popular initiatives planned for 2020 were found to be threat detection and management (38%), web security (29%) and cloud security services (29%). Less regarded initiatives included: DevSecOps (10%), although this is the first year it has appeared in the data; DNS management (9%); bot management (5%); and software-defined perimeters and other VPN alternatives (3%) – although considering the sudden pivot to remote working, it is highly likely this final statistic is no longer accurate.

Highly-prioritised initiatives in the area of operational security, endpoint security and internet of things (IoT) security reflected the wider compliance theme.Preventing data loss altogether is clearly an overarching priority for buyers, cited by 49% of respondents, with email security cited by the same percentage. Endpoint security was in third place on this chart, cited by 44%, mobile device security was fourth on 33%, encryption fifth on 32%, and SIEM sixth on 23%. At the bottom of the chart were initiatives such as security orchestration and/or automation and response (11%), IoT security (7%) and deception technologies (4%).

Finally, in identity security, multifactor authentication was the most widely planned initiative for 2020, cited by 48% of respondents, followed by access management (34%), single sign-on (SSO) (30%), privileged identity or privileged account management (29%) and identity management, including password management and provisioning (29%). Less popular initiatives included identity governance (16%), biometrics (16%), identity and access management-as-a-service (9%) and authentication (9%).

Reflecting a wider trend evident throughout the Computer Weekly/TechTarget data, the study also reported that buyers are planning to run a number of security initiatives through managed service providers (MSPs). The solutions that look most likely to be deployed through the channel include end-user training, email security, SSO and data loss prevention, while buyers are considerably less likely to turn to third-party providers in areas such as authentication, vulnerability management and security analytics.

Content Continues Below

Download this free guide

Getting Cloud Security Right

Let's face it, cloud security can be done very wrong. Let's learn to do it right.
Regular Computer Weekly contributor Peter Ray Allison explores this issue, weighing up the questions organisations should be asking of their cloud service providers, and whose responsibility cloud security should be.

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

Start the conversation

0 comments

Register

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.